Regular Expressions 101

REGEX to parse IIS7 Log File into FluentD

Regular Expression
PCRE (PHP <7.3)

/
^(?<date>\d{4}\-\d{2}\-\d{2})\s+(?<time>\d{2}\:\d{2}\:\d{2})\s+(?<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<csmethod>GET|POST|PUT|PATCH|DELETE)\s+(?<csuristem>.+?)\s+(?<csuriquery>.+?)\s+(?<sport>\d{1,3})\s+(.+?)\s+(?<cip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<csUseragent>.+?)\s+(?<scstatus>\d{1,3})\s+(?<scsubstatus>\d{1,3})\s+(?<scwin32status>\d+)\s+(?<scbytes>\d+)\s+(?<csbytes>\d+)\s+(?<timetaken>\d+)?$
/

Description

This regex parses the entire line of the IIS log files (without detail on the AgentID) for use in FluentD. The original was written by Juan Carniglia. Link

I've updated to move the spaces out of the capture, and to make the csmethod specific to GET/POST/etc.

Submitted by Juan Carniglia - 5 years ago
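
The pattern above applied to constructed IIS log lines in Ruby, the regex engine FluentD uses. This is an added example, not part of the original submission, and it shows which request lines the pattern leaves unparsed (a method outside the GET/POST/etc. list, a port longer than three digits), since those are lines a downstream detection would never see as structured records. Assumptions: the helper names `parse_iis_line` and `parse_report` are hypothetical, and the sample lines and their field order were constructed to fit the pattern.

```ruby
# Pattern copied verbatim from the page; Ruby accepts the same named-group syntax.
IIS_RE = /^(?<date>\d{4}\-\d{2}\-\d{2})\s+(?<time>\d{2}\:\d{2}\:\d{2})\s+(?<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<csmethod>GET|POST|PUT|PATCH|DELETE)\s+(?<csuristem>.+?)\s+(?<csuriquery>.+?)\s+(?<sport>\d{1,3})\s+(.+?)\s+(?<cip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<csUseragent>.+?)\s+(?<scstatus>\d{1,3})\s+(?<scsubstatus>\d{1,3})\s+(?<scwin32status>\d+)\s+(?<scbytes>\d+)\s+(?<csbytes>\d+)\s+(?<timetaken>\d+)?$/

# Constructed sample lines (not real traffic); documentation IP ranges only.
SAMPLE_LINES = [
  "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port",
  "2019-03-14 10:15:32 10.0.0.5 GET /default.aspx id=7 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 5120 312 46",
  "2019-03-14 10:15:33 10.0.0.5 POST /login.aspx - 443 alice 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) 401 1 1326 1293 540 15",
  # HEAD is not in the csmethod alternation, so this line does not match.
  "2019-03-14 10:15:34 10.0.0.5 HEAD /default.aspx - 443 - 198.51.100.23 curl/7.64.0 200 0 0 0 92 3",
  # sport is \d{1,3}, so a four-digit port does not match.
  "2019-03-14 10:15:35 10.0.0.5 GET /api/health - 8080 - 198.51.100.23 curl/7.64.0 200 0 0 120 80 3"
].freeze

# Returns a Hash of the named captures, or nil when the line does not match.
# The one unnamed group in the pattern is not captured, because Ruby ignores
# unnamed groups once named groups are present.
def parse_iis_line(line)
  m = IIS_RE.match(line.chomp)
  m && m.named_captures
end

# Splits request lines into parsed records and lines the pattern rejected.
# Counting the rejects is how you notice a parsing blind spot.
def parse_report(lines)
  records = []
  unparsed = []
  lines.each do |line|
    next if line.start_with?("#") # W3C directive lines carry no request
    rec = parse_iis_line(line)
    rec ? records << rec : unparsed << line
  end
  { records: records, unparsed: unparsed }
end

if __FILE__ == $PROGRAM_NAME
  report = parse_report(SAMPLE_LINES)
  report[:records].each { |r| puts r.values_at("cip", "csmethod", "csuristem", "scstatus").join(" ") }
  puts "unparsed lines: #{report[:unparsed].length}"
  report[:unparsed].each { |l| puts "  #{l}" }
end
```
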